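When the openssh service is enabled on a host, the host exposes an interface for remote connections.
# server side of the openssh service
sshd
# client side of the openssh service
ssh
2. Adding a new network connection with the graphical interface
As shown in the figure, first run nm-connection-editor to open the graphical network configuration tool
Delete the previous network connection
Click Add to add a new network
Select Ethernet, as shown in the figure
Select the computer's MAC address
Under the commonly used IPv4 settings, select Manual and configure the IP address
You can use the ifconfig command to look up the local machine's IP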
[[email protected] Desktop]$ ifconfig
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.25.254.65 netmask 255.255.255.0 broadcast 172.25.254.255
inet6 fe80::56ee:75ff:fe6c:ba4 prefixlen 64 scopeid 0x20<link>
ether 54:ee:75:6c:0b:a4 txqueuelen 0 (Ethernet)
RX packets 397 bytes 30044 (29.3 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 287 bytes 31045 (30.3 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
enp3s0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
ether 54:ee:75:6c:0b:a4 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Local Loopback)
RX packets 23569 bytes 7947485 (7.5 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 23569 bytes 7947485 (7.5 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
ether 52:54:00:07:f3:36 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
vnet0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::fc54:ff:fe00:410a prefixlen 64 scopeid 0x20<link>
ether fe:54:00:00:41:0a txqueuelen 500 (Ethernet)
RX packets 397 bytes 35602 (34.7 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 287 bytes 30618 (29.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
wlp2s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.191.3 netmask 255.255.255.0 broadcast 192.168.191.255
inet6 fe80::b66d:83ff:fe7c:1b86 prefixlen 64 scopeid 0x20<link>
ether b4:6d:83:7c:1b:86 txqueuelen 1000 (Ethernet)
RX packets 15715 bytes 7089472 (6.7 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 16586 bytes 15414602 (14.7 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
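The virtual machine's IP can be set to the physical host's IP plus 100
Once it is set, use the ssh command to test whether you can connect to the virtual machine, which confirms that the network configuration worked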
[[email protected] Desktop]$ ssh [email protected]
[email protected]'s password:
Last login: Wed Apr 25 21:50:38 2018
Another way to check is to use ping
[[email protected] Desktop]$ ping 172.25.254.165
PING 172.25.254.165 (172.25.254.165) 56(84) bytes of data.
64 bytes from 172.25.254.165: icmp_seq=1 ttl=64 time=0.125 ms
64 bytes from 172.25.254.165: icmp_seq=2 ttl=64 time=0.156 ms
64 bytes from 172.25.254.165: icmp_seq=3 ttl=64 time=0.155 ms
64 bytes from 172.25.254.165: icmp_seq=4 ttl=64 time=0.176 ms
64 bytes from 172.25.254.165: icmp_seq=5 ttl=64 time=0.142 ms
64 bytes from 172.25.254.165: icmp_seq=6 ttl=64 time=0.136 ms
^C
--- 172.25.254.165 ping statistics ---
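If you connect to the virtual machine and need to open its graphical programs, use ssh [email protected] -X
This lets you open the graphical interface
3. Adding a new authentication method to the ssh service: KEY authentication
1. Generate the lock (public key) and the key (private key)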
[[email protected] Desktop]$ ssh [email protected]
[email protected]'s password:
Last login: Wed Apr 25 22:08:25 2018 from 172.25.254.65
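[[email protected] ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): redhat # file in which the key is saved; use the default (the later steps use the default path /root/.ssh/id_rsa)
Enter passphrase (empty for no passphrase): # may be left empty; if it is not empty, it must be longer than 4 characters
Enter same passphrase again: # confirm the passphrase
Your identification has been saved in redhat. # the generated private key
Your public key has been saved in redhat.pub. # the generated public key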
The key fingerprint is:
64:0c:1e:a4:ce:f2:54:2c:fb:bd:cb:c7:7e:90:45:da [email protected]
The key's randomart image is:
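2. Lock the ssh user's authentication with the key
# on the server
ssh-copy-id -i /root/.ssh/id_rsa.pub [email protected]
ssh-copy-id ## the locking command (installs the public key)
-i ## specify the key
/root/.ssh/id_rsa.pub ## the key
root ## the user to lock
172.25.254.200 ## host IP
3. Verify
# transfer the unlocking file (private key) to the client
scp /root/.ssh/id_rsa [email protected]:/root/.ssh/
# on the client
ssh [email protected] # connecting does not require a password
# on the server
rm -fr /root/.ssh/authorized_keys ## once this file is deleted, the client's unlocking file no longer works
# on the server
cp /root/.ssh/id_rsa.pub /root/.ssh/authorized_keys ## regenerate the lock file; the unlocking file works again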
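An added example, not part of the original post: restoring access with cp over authorized_keys replaces every entry already in that file. The function below (install_pubkey is a hypothetical name) appends a public key only when it is missing and sets the 700/600 modes on the directory and file; the sample keys are constructed, not real key material.

```shell
#!/bin/sh
# Added example (not from the original post).
# install_pubkey PUBKEY_FILE AUTHORIZED_KEYS_FILE
#   0 = key appended, 1 = key already present, 2 = unreadable or malformed input
install_pubkey() {
    pub=$1
    auth=$2
    [ -r "$pub" ] || return 2
    # A .pub file holds "<type> <base64-blob> [comment]"; match on the blob so
    # the same key with a different comment is not installed twice.
    blob=$(awk 'NF >= 2 && $1 !~ /^#/ { print $2; exit }' "$pub")
    [ -n "$blob" ] || return 2

    # With StrictModes, sshd rejects keys kept in loosely permissioned paths.
    dir=$(dirname "$auth")
    mkdir -p "$dir" || return 2
    chmod 700 "$dir"
    [ -e "$auth" ] || : > "$auth"
    chmod 600 "$auth"

    if grep -qF -- "$blob" "$auth"; then
        return 1
    fi
    # Keep the new entry on its own line even if the file lacks a final newline.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    awk 'NF >= 2 && $1 !~ /^#/ { print; exit }' "$pub" >> "$auth"
    return 0
}

# Constructed sample keys, installed into a scratch directory.
# Prints the three return codes followed by the number of installed entries.
demo_install_pubkey() {
    tmp=$(mktemp -d) || return 1
    echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleConstructedKeyOne root@server' > "$tmp/a.pub"
    echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleConstructedKeyTwo westos@client' > "$tmp/b.pub"
    first=0;  install_pubkey "$tmp/a.pub" "$tmp/.ssh/authorized_keys" || first=$?
    second=0; install_pubkey "$tmp/b.pub" "$tmp/.ssh/authorized_keys" || second=$?
    again=0;  install_pubkey "$tmp/a.pub" "$tmp/.ssh/authorized_keys" || again=$?
    count=$(grep -c . "$tmp/.ssh/authorized_keys")
    rm -rf "$tmp"
    echo "$first $second $again $count"
}
demo_install_pubkey
```

Generating the key pair on the client and sending only the .pub file to the server avoids moving the private key across the network, as the scp step above does.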
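4. sshd security configuration
vim /etc/ssh/sshd_config # open the file to change the original authentication method
1. Disable the original authentication method
PasswordAuthentication no|yes ## turn ssh's default authentication method (password) on or off
PermitRootLogin no|yes ## allow or deny login for the root user
AllowUsers westos ## user whitelist; with this setting only westos is allowed to log in
DenyUsers linux ## user blacklist; with this setting only linux is denied login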
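An added example, not part of the original post: a small audit of the three settings above that reads the file the way sshd does, where the first value found for a keyword is the one used and keyword names are case-insensitive. The function names and the sample files are constructed for illustration; only the plain "Keyword value" form is handled, and Include files and Match blocks are not evaluated.

```shell
#!/bin/sh
# Added example (not from the original post).

# effective_value CONFIG KEYWORD: print the value sshd would use globally.
# For most keywords sshd keeps the FIRST value it reads, so a hardening line
# appended below an earlier setting has no effect.
effective_value() {
    awk -v want="$2" '
        /^[ \t]*#/ || NF == 0    { next }   # comments and blank lines
        tolower($1) == "match"   { exit }   # conditional section starts: stop
        tolower($1) == tolower(want) {
            $1 = ""; sub(/^[ \t]+/, ""); print; exit
        }' "$1"
}

# audit_sshd_config CONFIG: print one finding per line against the settings
# from this section; the exit status is the number of findings.
audit_sshd_config() {
    n=0
    pa=$(effective_value "$1" PasswordAuthentication | tr 'A-Z' 'a-z')
    prl=$(effective_value "$1" PermitRootLogin | tr 'A-Z' 'a-z')
    allow=$(effective_value "$1" AllowUsers)
    [ "$pa" = no ]  || { echo "PasswordAuthentication is '${pa:-unset}', want 'no'"; n=$((n + 1)); }
    [ "$prl" = no ] || { echo "PermitRootLogin is '${prl:-unset}', want 'no'"; n=$((n + 1)); }
    [ -n "$allow" ] || { echo "AllowUsers is not set (no user whitelist)"; n=$((n + 1)); }
    return "$n"
}

# Constructed sample files. In the weak one the "no" line was appended below
# an earlier "yes", so password authentication is still enabled.
demo_audit() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' 'PermitRootLogin yes' 'PasswordAuthentication yes' \
        '# appended later' 'PasswordAuthentication no' > "$tmp/weak"
    printf '%s\n' 'passwordauthentication no' 'PermitRootLogin no' \
        'AllowUsers westos' 'Match User backup' \
        '    PasswordAuthentication yes' > "$tmp/hardened"
    weak=0; audit_sshd_config "$tmp/weak" >/dev/null || weak=$?
    hard=0; audit_sshd_config "$tmp/hardened" >/dev/null || hard=$?
    rm -rf "$tmp"
    echo "weak=$weak hardened=$hard"
}
demo_audit
```

After editing the real file, sshd -t checks the syntax, and the change takes effect once sshd is reloaded or restarted.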
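5. Service management in Linux
systemctl action service
systemctl start sshd # start the service
systemctl stop sshd # stop the service
systemctl status sshd # show the service status
systemctl restart sshd # restart the service
systemctl reload sshd # make the service reload its configuration
systemctl enable sshd # start the service at boot
systemctl disable sshd # do not start the service at boot
systemctl list-unit-files # show the boot-time state of all services on the system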
[[email protected] ~]# systemctl list-unit-files
UNIT FILE STATE
proc-sys-fs-binfmt_misc.automount static
dev-hugepages.mount static
dev-mqueue.mount static
proc-fs-nfsd.mount static
proc-sys-fs-binfmt_misc.mount static
sys-fs-fuse-connections.mount static
sys-kernel-config.mount static
sys-kernel-debug.mount static
tmp.mount masked
var-lib-nfs-rpc_pipefs.mount static
brandbot.path disabled
cups.path enabled
systemd-ask-password-console.path static
systemd-ask-password-plymouth.path static
systemd-ask-password-wall.path static
session-3.scope static
session-8.scope static
abrt-ccpp.service enabled
abrt-oops.service enabled
abrt-pstoreoops.service disabled
abrt-vmcore.service enabled
abrt-xorg.service enabled
lines 1-23
systemctl list-units # show all services currently running on the system
systemctl set-default graphical.target # boot into the graphical interface
systemctl set-default multi-user.target # boot without the graphical interface